Connecting to Multiple SharePoint Sites with a Single Authentication Prompt Using PnP PowerShell

 Context

Sometimes, you must perform some activities to multiple SharePoint sites using a script. You would probably be prompted to get connected to each site because of MFA

In my case, I needed to verify if someone was site owner on multiple sites.



Prerequisites

You will need SharePoint Admin permissions (you may have to elevate your privileges "PIM").
PowerShell and PnP.PowerShell module must be installed.

Code Sample

In this example, I'm checking if my Entra ID group is member of site Onwers.

$siteUrls = Import-Csv -Path $CsvPath
$tenantAdminUrl = "https://yourTenant-admin.sharepoint.com"
$tenantClientID = "567bf829-465a-ds5e-ad03-0af9f30o5619"
$loginName = "c:0t.c|tenant|$aadGroupId"
$tenantConnection = Connect-PnPOnline -Url $tenantAdminUrl -ClientId $tenantClientID -Interactive -ReturnConnection

foreach ($siteUrl in $siteUrls) { 

    #Connect to the site
    
    Connect-PnPOnline -Url $siteUrl -ClientId $tenantClientID -Interactive -Connection $tenantConnection

    # Get associated Owners group
    $ownersGroup = Get-PnPGroup -AssociatedOwnerGroup
        

    $isOwner = $ownersGroup.Users | Where-Object { $_.LoginName -eq $loginName }
    if ($isOwner) {
        Write-Host "Already in Owners of: $($siteUrl)"           
    }
    else {
        #Do that
    }
}
# Do forget to disconnect
Disconnect-PnPOnline -Connection $tenantConnection

Pay attention to

I noticed, some PnP action are not working as expected

Conclusion

This solution work but has some limitation. I would prefer to use Azure App registration with enough permission to perform my task.

Comments

Post a Comment

Popular posts from this blog

How to give app access on a specific SharePoint site using Azure AD API permission

Image
Sometime, you want to give third party applications access to a specific SharePoint online site collection using Microsoft Graph API or SharePoint API.  You can achieve this in two steps : Set up API Permission from App registration Grant app access to the specified site collection Set up API Permissions In azure AD, select your app registration. Then go to API permissions, click on add a permission. Add API Access Select Microsoft Graph or SharePoint, then application permissions. Pick Sites.Selected permissions, select it then click on Add permissions. Choosing selected sites permissions Now your permissions are selected you must grant admin consent. At this point, you have given to your app selected site collections permissions but you did not define what permission level to use nor what site collection can be access by your app. Grant App access to your site collection You will need pnp management shell to do this, your App Id, and the url of the site collection that will be ...
Read more

Guest user can't access Client Side Assets resources in SharePoint App Catalog site

Image
When using third party web part or custom web part, there is a property named includeClientSideAssets that push resources to Client Site Assets library of the SharePoint App catalog site. Anytime a user is using one of those web parts, he will retrieve resources from this centralized area. This Client site assets library is hidden and is at least read-only for every member of your organization but it is not accessible to external user. As consequence external users are getting errors like below. [SPLoaderError.loadComponentError]: Failed to load component "544c1372-42df-47c3-94d6-017428cd2baf" (pnpSearchResultsWebPart). Original error: Failed to load path dependency "SearchResultsWebPartStrings" from component "544c1372-42df-47c3-94d6-017428cd2baf" (pnpSearchResultsWebPart). Original error: Error loading https://component-id.invalid/544c1372-42df-47c3-94d6-017428cd2baf_4.1.0/SearchResultsWebPartStrings Unable to load script https://mytenant.sharepoint.co...
Read more

Ensure SharePoint User with Power Automate

Image
 I had to set custom permission and grant access to some users based on their email address. All those users were member of the organization so they exist in our Azure Active directory (AAD). B ut, to set this permission, user must exist in the SharePoint information list too. So I used a function named:  EnsureUser . As its name suggests, this function ensures there is a record of the current user in the user information list in the current Site collection. To call this function with Power Automate, I used the Send HTTP request SharePoint Connector like below. Site address : Your site address. Method : POST URI : _api/web/ensureuser Header :  Accept: application/json;odata=verbose Content-Type: application/json;odata=verbose Body:  { 'logonName': 'i:0#.f|membership|jane.doe@yourDomain.com' } If the HTTP call is successful, the output will  give you: User id (from the user information list) User name (property Title ) User email UPN (User Principal Name) I...
Read more